Microsoft goes outside for phishing help

Microsoft on Thursday announced it would pull data on phishing sites from three new partners in an attempt to boost the effectiveness of its anti-fraud technology.

The three firms -- Cyota, Internet Identity and MarkMonitor -- will provide data to Microsoft on phishing threats and confirmed phishing Web sites. The new data will be used in the current Phishing Filter, a free add-on to Microsoft's MSN Search Toolbar, and in the anti-phishing tools integrated within Internet Explorer 7 for Windows Vista and Windows XP SP2. IE 7 is still in beta testing on both platforms.

The data will also be applied to MSN Hotmail and Live Mail beta users, Microsoft's two Web-based e-mail services.

"There is no silver bullet that can stop phishing, but we believe when armed with continuously updated data from both great partners and our own users, can help make a significant difference for our customers," said John Scarrow, general manager of Microsoft's anti-spam and anti-phishing team, in a statement.

Cyota, Internet Identity, and MarkMonitor will send Microsoft data feeds from their own customers, which number major consumer brands and financial firms around the world. Phishing attacks are usually directed against large e-tailers and financial institutions, such as banks and credit card companies, and are typically first detected when customers of those companies report suspicious e-mails.

Microsoft's anti-phishing efforts first check against a "white list" of trusted sites stored locally. If the site's not on that list, the tools check against a database of reported phishing sites. That database is updated several times each hour, with information provided not only by Microsoft and its data suppliers -- including the three announced Thursday -- but also by reports submitted by users.